Changes in 1.5.0_20
The full internal version number for this update release is 1.5.0_20-b02 (where
"b" means "build"). The external version number is 5.0u20.
OlsonData 2009i
This release contains Olson time zone data version 2009i. For more information,
refer to Timezone Data Versions in the JRE Software.
Security Baseline
This update release specifies the following security baseline:
JRE Family Version  Java SE Security Baseline  Java SE for Business Security Baseline
1.4.2               1.4.2_19                   1.4.2_22
In December, 2008, Java SE 1.4.2 reached its end of service life with the
release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above)
include the Access Only option and are available to Java SE for Business
subscribers.
For more information about the security baseline, see Deploying Java Applets
With Family JRE Versions in Java Plug-in for Internet Explorer.
Root Certificates
Root Certificates are included in this release.
* Added one new root certificate and removed 3 root certificates from Entrust. (Refer to 6805338.)
* Added three new root certificates from Keynectis. (Refer to 6845457.)
* Added three new root certificates from Quovadis. (Refer to 6846473.)
Bug Fixes
This release contains fixes for one or more security vulnerabilities. For more
information, please see Sun Alerts 263408, 263409, 263488, 263489, and 264648.
Bug fixes for vulnerabilities are listed in the following table.
BugId    Category      Subcategory       Description
6656610  java          accessibility     AccessibleResourceBundle.getContents exposes mutable static (findbugs)
6656586  java          classes_awt       Cursor.predefined is protected static mutable (findbugs)
6660539  java          classes_beans     Introspector cache mutable static
6446522  java          classes_lang      3Y Race condition in reflection checks
6801071  java          classes_net       Remote sites can compromise user privacy and possibly hijack web session
6801497  java          classes_net       Proxy is assumed to be immutable but is non-final
6406003  java          classes_security  Security issues in the Provider class
6429594  java          classes_security  Fix for 6406003 can be circumvented
6444262  java          classes_security  Provider deserialization still has problems
6657695  java          classes_security  AbstractSaslImpl.logger is a static mutable (findbugs)
6657625  java          classes_sound     RmfFileReader/StandardMidiFileWriter.types are public mutable statics (findbugs)
6738524  java          classes_sound     JDK13Services allows read access to system properties from untrusted code
6777448  java          classes_sound     JDK13Services.getProviders creates instances with full privileges
6588003  java          classes_swing     LayoutQueue mutable statics
6660049  java          classes_swing     Synth Region.uiToRegionMap/lowerCaseNameMap are mutable statics
6656625  java          imageio           ImageReaderSpi.STANDARD_INPUT_TYPE/ImageWriterSpi.STANDARD_OUTPUT_TYPE are mutable static (findbugs)
6657133  java          imageio           Mutable statics in imageio plugins (findbugs)
6830335  java          jar               Java JAR Pack200 Decompression Integer Overflow Vulnerability
6862844  javawebstart  other             java web start ActiveX control security problem caused by ATL PROP_ENTRY macro
6845701  jaxp          parse             Xerces2 Java XML library infinite loop with malformed XML input
6657619  jndi          dns               DnsContext.debug is public static mutable (findbugs)
Other bug fixes are listed in the following table.
BugId    Category  Subcategory        Description
6851379  java      classes_2d         font files not deleted upon exit
6805338  java      classes_security   Add 1 new Entrust root CA cert and remove 3 others with 1024 bit keys
6845457  java      classes_security   Add root certs for Keynectis CA
6846473  java      classes_security   Add QuoVadis root CA certs to the JRE
6848984  java      classes_util_i18n  (tz) Support tzdata2009i
6851214  java      classes_util_i18n  (tz) New Jordan rule creates a failure for SimpleTimeZone parsing post tzdata2009h
Packages Collection.
The Perl 5 module MooseX::NonMoose allows for easily subclassing
non-Moose classes with Moose, taking care of the annoying details.
pkgsrc changes:
- Adjusting license and dependencies
Upstream changes:
0.753 (07.09.2009) - John Siracusa <siracusa@gmail.com>
* Detect enum-like columns in PostgreSQL. (RT 46214)
* Added support for the "sslmode" DSN option for PostgreSQL.
(Reported by foudfou)
pkgsrc changes:
- Adding license
- Adjusting dependencies
- Using "correct" module type
Upstream changes:
0.008 18 Aug 2009
* add tests and support for fuzzy int-types
* refactor to include an explicit Column class to allow for more
granular control of sql building. Thanks to John Maslanik for the prompting
that led to this idea.
PR pkg/41816.
The autodie pragma provides a convenient way to replace functions that normally
return false on failure with equivalents that throw an exception on failure.
The autodie pragma has lexical scope, meaning that functions and subroutines
altered with autodie will only change their behaviour until the end of the
enclosing block, file, or eval.
If system is specified as an argument to autodie, then it uses
IPC::System::Simple to do the heavy lifting. See the description of that
module for more information.
dependency of scheduled import for p5 pragma autodie from PR pkg/41816.
Calling Perl's in-built system() function is easy, determining if it was
successful is hard. Let's face it, $? isn't the nicest variable in the
world to play with, and even if you do check it, producing a well-formatted
error string takes a lot of work.
IPC::System::Simple takes the hard work out of calling external commands.
pkgsrc changes:
- Adding license
- Adjusting dependencies
Upstream changes:
0.05 Tue, 11 Aug 2009 01:57:18 +0200
* Look! A changelog! This wasn't too hard, was it? :-)
* Allow setting the default for Test::TempDir::Factory's use_subdir using the
environment variable TEST_TEMPDIR_USE_SUBDIR.
* Depend on a Moose version where delegations to class names work.
pkgsrc changes:
- Adding license
Upstream changes:
2.0205: Wed Jul 08 2009
- Doc bugs (very indirectly) found by Hans Dieter Pearcey
- added perl critic and Test::Pod
- fix bugs (as in wrongful code execution) found by critic.t
- fixed many punctuation problems found by critic.t
2.0203: Tue May 12 10:36:26 EDT 2009
- added a way to subtract hosts from the host list
2.0201: Sat May 9 08:32:25 EDT 2009
- why show the command number in the output?
pkgsrc changes:
- Adding license
- Adjusting dependencies
Upstream changes:
0.07
- Fix new warnings in Moose about overwriting methods
0.06
- Fix several pod errors (Closes RT#43490) (Ryan Niebur)
- Add pod tests
- Update version control notice
0.05
- Silence some new warnings from Moose
0.04
- add exclusions to role composition to avoid the new warning
pkgsrc changes:
- Adding license
Upstream changes:
0.205 2009-08-18
add the long-missing arg0 and full_arg0 accessors (resolves 35528)
thanks to GAISSMAI and Jerome Quelin for reporting
0.204 2009-06-27
document the need for calling ->import on Simple apps
add tests for Simple-based apps
correct a few errors in the tutorial (thanks, Jason Crome)
pkgsrc changes:
- Adding license
Upstream changes:
0.13 Sun Aug 9 13:38:19 2009
Add unshift_rule to classes that do Role::Rules
Several distribution improvements
Upstream changes:
0.26 Wed Jul 29 16:16:09 PDT 2009
- fix loading connect_info from schema-defined connection
(bluefeet, RT 48084)
- detect wrong case for "dbi:" DSN part in DBIC helper (caelum)
- Fix missing dep on Catalyst::Helper that made tests fail
(wintrmute, RT 47449)
pkgsrc changes:
- Adjusting dependencies (remove core module from extra dependencies)
- Adding license
Upstream changes:
1.07: 2009-08-05
- Skip the whole test when it can't bind to the specified private IP
(Tatsuhiko Miyagawa)
- Fix the way to get LWP error when it's set to X-Died instead of $@
(Zbigniew Lukasiak)
1.06: 2009-07-17
- explicitly load deprecated module LWP::Debug, now that it's not
loaded by default. (Tatsuhiko Miyagawa <miyagawa@gmail.com>)
1.05: 2009-06-21
- patch from Alessio Signorini <alessio.signorini@spryte.it> to
quiet a warning that could be triggered
1.04: 2008-10-30
- fix tests to no longer rely on my DNS servers, which had since migrated
to EasyDNS which doesn't allow the types of malicious records I was
testing for. instead, switch to a mock object resolver.
(Brad Fitzpatrick, brad@danga.com)
pkgsrc changes:
- Adding license (perl license)
Upstream changes:
0.40 Mon Aug 17 22:01:07 EDT 2009
* After a fork, we need to reset the random seed lest we have
duplicated random numbers in both forks.
0.39 Mon Aug 17 09:41:05 EDT 2009
* Added signature tests
0.38_04 Wed Aug 12 20:15:14 EDT 2009
Another pass at the Win32 fixes from KMX
0.38_03 Sat Apr 11 18:47:29 EDT 2009
* Subject: [rt.cpan.org #44961] [PATCH] xdg reports select() is problematic on win32
0.38_02 Fri Apr 10 20:57:19 EDT 2009
* Specify an HTTP version for our GETs should get escaping to work
0.38_01 Mon Mar 2 18:11:46 EST 2009
* http://rt.cpan.org/Ticket/Attachment/568795/286902/ from confound++ for
http://rt.cpan.org/Public/Bug/Display.html?id=28122
Upstream changes:
0.24 Tue Jul 21 21:28:02 CEST 2009
[ENHANCEMENTS]
- When a short-circuit response was sent, the next response
would not be filtered at all. This has been fixed.
[FIXES]
- yet another fix for t/23connect, proposed by Marek Rouchal
(closed RT ticket #38995) [test skipped for now]
- HTTP::Headers::Util's split_header_words() returns lower case
tokens/keys since October 6, 2008. Fix by Maurice Aubrey.
(closed RT tickets #43249, #43622)
Upstream changes:
1.60 Mon Aug 17 00:41:39 CDT 2009
========================================
No new features. Exists only to skip tests that always fail on
Windows.
Fixed up some minor documentation problems.